Revision 29c75ddd json-streamer.c

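--- a/json-streamer.c
+++ b/json-streamer.c
@@ -18,6 +18,9 @@
 #include "json-lexer.h"
 #include "json-streamer.h"
 
+#define MAX_TOKEN_SIZE (64ULL << 20)
+#define MAX_NESTING (1ULL << 10)
+
 static void json_message_process_token(JSONLexer *lexer, QString *token, JSONTokenType type, int x, int y)
 {
     JSONMessageParser *parser = container_of(lexer, JSONMessageParser, lexer);
@@ -49,6 +52,8 @@
     qdict_put(dict, "x", qint_from_int(x));
     qdict_put(dict, "y", qint_from_int(y));
 
+    parser->token_size += token->length;
+
     qlist_append(parser->tokens, dict);
 
     if (parser->brace_count < 0 ||
@@ -60,6 +65,17 @@
         parser->emit(parser, parser->tokens);
         QDECREF(parser->tokens);
         parser->tokens = qlist_new();
+    } else if (parser->token_size > MAX_TOKEN_SIZE ||
+               parser->bracket_count > MAX_NESTING ||
+               parser->brace_count > MAX_NESTING) {
+        /* Security consideration, we limit total memory allocated per object
+         * and the maximum recursion depth that a message can force.
+         */
+        parser->brace_count = 0;
+        parser->bracket_count = 0;
+        parser->emit(parser, parser->tokens);
+        QDECREF(parser->tokens);
+        parser->tokens = qlist_new();
     }
 }
 
@@ -70,6 +86,7 @@
     parser->brace_count = 0;
     parser->bracket_count = 0;
     parser->tokens = qlist_new();
+    parser->token_size = 0;
 
     json_lexer_init(&parser->lexer, json_message_process_token);
 }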
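Review bot: `parser->token_size` is incremented for every token in json_message_process_token, but the only place it is zeroed is the init function at the end of the file; neither the existing emit branch nor the new limit branch resets it after handing the token list to `parser->emit`. The counter therefore tracks bytes seen over the whole lifetime of the parser, not "per object" as the added comment says. Once a connection has carried more than MAX_TOKEN_SIZE bytes in total, every later token that does not itself close a message takes the limit branch and emits a partial token list, so well-formed messages stop parsing. Add `parser->token_size = 0;` directly after `parser->tokens = qlist_new();` in both branches. Part of the function body is elided on this page, but the field is introduced by this commit, so a reset elsewhere would have appeared as an added line.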
